I got my CEH because I was bored and waiting for approval on my SANS SEC504/GCIH. It has helped my career, but it could have also been my CISSP or GCIH last year as well, but I got a solid promotion without requiring a degree. Needless to say it is difficult to get a promotion without one, but I was able to clearly show that I am working well above my previous level.

The real way the cert helped me was technically. It gave me a huge understanding of the pen testing/hacker methodology and the tools used and how to defend them.

IMHO whether it helps or not with our current employer really just depends on your current employer. I do believe it is widely recognized with HR departments, and will make you stand out more in the initial stages of hiring. As far as the knowledge gained, if you're just starting out I think it lays a good foundation; if you've been doing this for a while, well, review is never a bad thing.

I think this is probably true of most certifications, but I think it depends on where you are in your career, what your experience is and where your interests are at.

As a real-world example, I earned my CEH while at my first IT job as a helpdesk technician. I always had an interest in security and had been messing around with tools for a while. Once I earned the certification it showed my boss that I really had an interest and I started receiving security-related tasks. I was eventually promoted to network admin and my participation and involvement in security continued to grow.

As you'll find pretty often, most people will refer to it as an introductory course. There's no limit to what you can do with what you learn. I usually tell people they'll get out of it what they put into it. If you're just getting into the arena, it's a great start. If you really have the interest and desire, you'll take it to the next level on your own.

Cool. I actually have the exam scheduled for Friday. I work as a system administrator currently; however, I'm interested in information security. The certification will be nice to have, but just learning the material is satisfying my hunger.

I totally agree with the opinion that an official certification on ethical hacking surely gives IT professionals a push in their career. It is simply because network security is one of the biggest concerns that any business can have. A minute's carelessness can cause a huge loss of database and online resources. It is a must that every non-conventional business house should be equipped to deal with hacking threats. However, it is important to train professionals by an authorized and authentic body, so that the entire ethical hackers community is organized to ensure network security. EC-Council has been the best institute teaching professionals how to protect and advance their security measures. Hats off to the good job!! Keep going.

As an individual you guys know better what's the value of this certificate. But as a CEH (Training) provider we know the market demand. Yes, CEH is the entry-level certification in network security, but it doesn't mean that it will not help expert professionals. This is the certification which helps professionals at each level.

But my question is: many people say that C|EH is "the first step" or a "good start". But what is the next step?

I guess it depends where you want to go. I myself am a web application architect and after 10 years developing Java webapps, I started to realize more and more that 98% of web developers don't have a clue about security (and this is sooooo true!). But my goal is to switch to PenTesting in a few years and I study every night to reach my goal.

So, other than a lot of work, what would be the next cert/course for someone who wants to pursue his career as a:

In general, if you have the resources to take any of / all of the courses, then I think your beginning list is pretty good. There are many courses you could take, to follow up for each specialization, but overall, the biggest reason to say CEH is just the start is that there are YEARS of experience and hands-on learning, which you'll continue for a lifetime, in the security realm. It never ends (which is good, as it keeps your brain going!)

Specific to your list, though, depending upon which path you want to take, another good one to add to the Pentesting would be OSCP. To add to the CISO one - you could insert CISA and CISM. Other category: too many to list, depending on whether you want to study disassembly / programming securely, wireless, etc.

It's a lifelong process, and I'm sure we could offer more hints, ideas and suggestions, should you come to a decision of which avenue you'd like to pursue, next, for yourself.

Good luck, and keep us posted.

Last edited by hayabusa on Fri Feb 05, 2010 12:28 pm, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'